Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tapestry Wiki" for change notification.
The following page has been changed by JesperZedlitz: http://wiki.apache.org/tapestry/AcegiSpringJava5FormBased New page: * AcegiSpringJava5 - First part of the tutorial A modern webapplication uses form based logon instead of HTTP Basic authentication. Here is an attempt to add a login form to my solution presented in the first part of the tutorial. Add these lines to {{{src/main/resources/META-INF/hivemodule.xml}}} {{{ <contribution configuration-id="hivemind.ApplicationDefaults"> <default symbol="tapestry.acegi.authenticationProcessingFilter" value="de.zedlitz.tapestry.acegi.FormProcessingFilter"/> <default symbol="tapestry.acegi.authenticationEntryPoint" value="de.zedlitz.tapestry.acegi.FormAuthenticationEntryPoint"/> <!-- ^^^^ you have to adjust this text according to your module id --> </contribution> <service-point id="FormProcessingFilter" interface="javax.servlet.Filter"> <invoke-factory> <construct class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter" initialize-method="afterPropertiesSet"> <set property="authenticationFailureUrl" value="/LoginFailed.html"/> <set property="defaultTargetUrl" value="/app"/> <set property="filterProcessesUrl" value="/j_acegi_security_check"/> </construct> </invoke-factory> </service-point> <service-point id="FormAuthenticationEntryPoint" interface="org.acegisecurity.ui.AuthenticationEntryPoint"> <invoke-factory> <construct class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint"> <set property="loginFormUrl" value="/app?page=Login&service=page"/> <set property="forceHttps" value="false"/> </construct> </invoke-factory> </service-point> }}} This tells Acegi to redirect all unauthenticated request {{{to /app?page=Login&service=page}}}, our login page. Create the login page {{{src/main/webapp/Login.html}}}: {{{ <html> <head> <title>tapestry-acegi: login</title> </head> <body> <h1>tapestry-acegi: login</h1> <form jwcid="@Form" listener="listener:submit"> <p>username: <input type="text" jwcid="@TextField" value="ognl:username" /></p> <p>password: <input type="text" jwcid="@TextField" value="ognl:password" /></p> <input type="submit" jwcid="@Submit" /> </form> </body> </html> }}} The logic is in the corresponding Java class {{{src/main/java/de/zedlitz/tapestry/acegi/Login.java}}}: {{{ package de.zedlitz.tapestry.acegi; import org.acegisecurity.Authentication; import org.acegisecurity.AuthenticationException; import org.acegisecurity.AuthenticationManager; import org.acegisecurity.context.SecurityContextHolder; import org.acegisecurity.providers.UsernamePasswordAuthenticationToken; import org.acegisecurity.ui.AbstractProcessingFilter; import org.acegisecurity.ui.savedrequest.SavedRequest; import org.apache.tapestry.RedirectException; import org.apache.tapestry.annotations.InjectObject; import javax.servlet.http.HttpServletRequest; public abstract class Login extends org.apache.tapestry.html.BasePage { public abstract String getUsername(); public abstract String getPassword(); @InjectObject("service:hivemind.acegi.AuthenticationManager") public abstract AuthenticationManager getAuthenticationManager(); @InjectObject("service:tapestry.globals.HttpServletRequest") public abstract HttpServletRequest getHttpServletRequest(); public void submit() { SavedRequest savedRequest = (SavedRequest) this.getHttpServletRequest().getSession() .getAttribute(AbstractProcessingFilter.ACEGI_SAVED_REQUEST_KEY); UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(getUsername(), getPassword()); Authentication authResult; try { authResult = this.getAuthenticationManager() .authenticate(authRequest); } catch (final AuthenticationException failed) { SecurityContextHolder.getContext().setAuthentication(null); return; } SecurityContextHolder.getContext().setAuthentication(authResult); throw new RedirectException(savedRequest.getFullRequestUrl()); } } }}} --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
